If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

The example exploit that SANS ISC discussed doesn't target Vista, most likely due to the limited attack surface of IE 7 in Protected Mode on Vista. It would be entirely possible, however, to target Vista with the vulnerability.

That being said... if you've got another article I'm unaware of.. I'd love to read it.

Side note, anyone wanting to look at the code (since it's been sanitized on the SANS ISC site) send me a PM.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

but it appears some hackers already knew how to exploit the flaw. At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team

However, other information indicates that hackers already knew how it worked before the release. According to knownsec, a rumor surfaced earlier in the year about a bug in Internet Explorer, iDefense wrote. Information on the vulnerability was allegedly sold in November on the underground back market for US$15,000. Earlier this month, the exploit was sold second or third hand for $650, said iDefense, citing knownsec.
Eventually, someone developed a Trojan horse program -- one that appears harmless but is actually malicious -- that is designed to steal information related to Chinese-language PC games, a popular target for hackers.